Hey everyone, Mark Riordan wrote: > Alas, it seems that bad guys have discovered a way to spam us.
Yeah. I've deleted the tickets, but they can of course create new. > Is there a way to require administrator approval of new accounts > on trac.libssh2.org? The spam thing is pretty much impossible to solve perfectly in an automated way. I've seen spamming both on the libusb and the libssh2 Tracs that I'm hosting. One way to fight the spam is to make it increasingly difficult to input information into Trac, but on the other hand that is absolutely counter it's purpose in the first place. We want it to be *easy* to create tickets and update wiki pages. I consider the ideal to be that no signup at all is required. Captcha adds another hurdle, but is easily circumvented. Spammers set up porn sites where they make real humans solve real captchas to access content. Except the captcha actually comes from a different site (us) which spammers want to spam. Another method is to pay cheap labour to do nothing but solve captchas all day long. My point is that raising the bar a little, using any technical solution, will only hold off spammers for so long, and annoys legitimate users. I would like very much to find a sustainable solution and preferably one which doesn't inconvenience legitimate users. I believe moderation is the only thing that will work. I've been ogling the TicketModerator plugin over here: https://software.sandia.gov/trac/fast/wiki/TicketModerator Just that I'm not sure it works exactly the way I would like to.. I do want to try it out though. Actual people will need to moderate Trac submissions, and I'd like to propose that we all help with that, so that no single person is overwhelmed with the work and maybe as a bonus we'll also cover different time zones. Not in any way expected to have instant feedback of course. //Peter _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
